Full (Active) Web App Scanning

The --scanMode=fullscan option loads a ruleset tuned for attack-based scans against web applications. Some baseline passive rules are also run.

  • Larger, more comprehensive ruleset.
  • Actively tries to attack the site through common vulnerabilities and attack techniques.
  • Longer running than a passive scan, but more thorough testing.

Running a scan

To run an active scan, all you need is the URL of the site to scan. The DAST CLI does the rest, including crawling the site to find additional pages and resources to test.

docker run -it soosio/dast --clientId=<soos_client_id> --apiKey="<soos_apikey>" --projectName="<project_name>" --scanMode=fullscan https://url-to-test
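
A guarded way to launch the same scan from a CI job, as an added example that is not part of the SOOS documentation: because a full scan actively attacks the site, the wrapper refuses any target whose host is not on an explicit allowlist, and it reads credentials from the environment. The environment variable names and the ALLOWED_HOSTS values are assumptions; the only `soosio/dast` flags used are the ones shown above.

```shell
#!/usr/bin/env bash
# Added example: guard wrapper around the page's `docker run soosio/dast` command.
# Assumptions (not from the SOOS docs): the env var names SOOS_CLIENT_ID,
# SOOS_API_KEY, SOOS_PROJECT_NAME and the ALLOWED_HOSTS list are hypothetical.

# Hosts the team is authorized to scan actively (constructed sample values).
ALLOWED_HOSTS="staging.example.test qa.example.test"

# Extract the lowercase host from an http(s) URL; fail on anything else.
url_host() {
  local url=$1 rest host
  case "$url" in
    http://*|https://*) rest=${url#*://} ;;
    *) return 1 ;;
  esac
  host=${rest%%[/?#]*}      # drop path, query, fragment
  host=${host##*@}          # drop userinfo so "allowed@other" cannot pass
  host=${host%%:*}          # drop port
  [ -n "$host" ] || return 1
  printf '%s\n' "$host" | tr 'A-Z' 'a-z'
}

# Succeed only if the URL's host is an exact match in ALLOWED_HOSTS.
is_allowed_target() {
  local host allowed
  host=$(url_host "$1") || return 1
  for allowed in $ALLOWED_HOSTS; do
    [ "$host" = "$allowed" ] && return 0
  done
  return 1
}

# Run the full scan; credentials are read from the environment, not typed inline.
run_fullscan() {
  local target=$1
  is_allowed_target "$target" || { echo "refusing: $target not in allowlist" >&2; return 2; }
  : "${SOOS_CLIENT_ID:?unset}" "${SOOS_API_KEY:?unset}" "${SOOS_PROJECT_NAME:?unset}"
  # No -it: CI runners have no TTY, and `docker run -it` fails there.
  docker run --rm soosio/dast --clientId="$SOOS_CLIENT_ID" --apiKey="$SOOS_API_KEY" \
    --projectName="$SOOS_PROJECT_NAME" --scanMode=fullscan "$target"
}

# Only scan when invoked with a URL argument: ./scan.sh https://staging.example.test
if [ "$#" -gt 0 ]; then run_fullscan "$1"; fi
```

The host match is exact and fails closed: unparsed forms such as IPv6 literals or non-HTTP schemes are rejected rather than passed through to the scanner.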

Further Configurations